0.24.4

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.4

Chart changes

• chore: bump app-proxy to 788a8d5 - fix app-proxy argocd-token monitoring (#782)
• fix: update image-enrichment images (#779)
• feat: added runtime label to codefresh cm (#781)

0.24.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.3

Chart changes

• backport redis bump fix 0.24 (#770)
• fix: component-test gitea deployment (#766)
• fix: app-proxy fails to report new and closed pr to product-components (#761)
• [gitops-operator]fix: promotions using pull requests do not resume after the pr has been merged (#753)
• [app-proxy]fix: git-source permissions are not being calculated for fine-grained tokens (#6683) (#749)
• chore(CR-30960): update enrichment images tag (#747)

0.24.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.2

Chart changes

• Chore-30961 security argocd-exstras (#729)
• bump argo-rollouts (#731)
• Chore/cr 29689 argo events workflow update with security fixes (#727)
• fix: security vulnerability CVE-2025-55190 (#733)
• Fix/svc-acc-pre-uninstall-hook (#728)
• updated sealed-secrets-controller (#723) (#724)
• fix: security fix: upgrade cli-v2 and debian versions (#718)
• feat: update cap-app-proxy image tags to 1.3750.0 (#720)

0.24.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.1

Chart changes

• 'chore: security fixes in tunnel-client, argo-events jetstreaming, runtime-installer'

0.24.0

Installation

To install this version of the gitops-runtime Helm chart, use the following command:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.0

⚠️ Important Upgrade Instructions

This release incorporates a security fix from Argo CD to address advisory GHSA-786q-9hcg-v9ff. The change removes sensitive information from the Project API response.

If you have automations or CLI commands that rely on credentials from project-scoped repositories and clusters previously returned by the Project API, you must update them to remove the logic that uses this data.

Chart Changes

This release includes the following notable changes:

• Security:

  • The Argo CD Project API response has been sanitized to remove sensitive information in accordance with GHSA-786q-9hcg-v9ff.

• Features:

  • Support for single-namespaced runtime installations has been added. This allows for a more granular and isolated setup.

• Dependency Updates:

  • The app-proxy image has been updated to version 1.3736.0 to support single-namespaced runtimes.
  • The gitops-operator image has been updated to disable the RGS controller when running in single-namespaced mode.

0.23.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.3

Chart changes

• update cli-v2 in installer - fix token validation code (#696)
• update cap-app-proxy image tags to 1.3727.0 (#692)

App-proxy changes

• fix: remote-cluster application fails to sync due to its project

Important Note

If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file (created by runtime chart >=0.23 <0.23.3) - it should be manually updated:

...
spec:
  destinations:
  - namespace: '*'
    server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here
...

0.23.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.2

Chart changes

• updated changes
• updated nginx (#662)
• updated cli-v2, kubectl in runtime-installer (#661)
• using bitnamilegacy instead of bitnami (#653)
• chore(CR-30232): updated oauth2, golang.org/x/net, github.com/cloudflare (#639)
• updated cspd enrichers (#652)
• updated changes
• fix(app-proxy): update cap-app-proxy image tags to 1.3718.0 (#678)
• fix(app-proxy): update cap-app-proxy image tags to 1.3709.0 - simplify user cache (#673)

App-proxy changes

Introduced changes:

• fix: update EventSource import to default import syntax
• feat: simplify user cache
• feat: closing ha gaps in app-proxy

0.23.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.1

Chart changes

• bumped app-proxy to 1.3707.0 for HA support (#667)

App-proxy changes

Introduced changes:

• fix: "cannot lock ref" error while performing a promotion

0.23.0

Quick install

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.0

What’s new (highlights)

• Eventing: optional JetStream eventbus support + fixes for eventBusName.
• Argo CD 3.x compatibility: updated sub-charts (Argo CD, argo-rollouts) and a fix for out-of-sync CRDs; Helm & go-git bumps; Redis chart bump.
• Access control: ABAC for deployment actions (pause, resume, restart).
• Networking/ops: global proxy env vars and app-proxy now uses them for Git operations.
• Stability & resilience: many operator fixes (better error handling, safer resume logic, bounded curl timeouts, thread-safety, smarter requeues).

---

Component & chart updates

• cap-app-proxy: 1.3702.0
• codefresh-gitops-operator: 0.10.1
• argo-rollotus sub-chart: 2.37.3-6-v1.7.2-cap-CR-29629 (fixes out-of-sync CRDs on Argo CD v3)
• argo-cd sub-chart: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump; Redis version bump)

---

Detailed changes

Helm chart

• update cap-app-proxy to 1.3702.0
• update codefresh-gitops-operator to 0.10.1
• update argo-rollotus sub-chart to 2.37.3-6-v1.7.2-cap-CR-29629 (solve out-of-sync CRDs on Argo CD v3) (#630)
• update argo-cd sub-chart to 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump) (#599); Redis version bump (#631)
• feat: add gitops-operator and argocd-extras templates (#591)
• feat: JetStream eventbus (#589)
• feat: added global proxy variables (#573)
• fix: support bring-your-own Argo CD < 3.1 (#576)
• fix: retries for Argo Events Sensors (#593)

app-proxy

• Allow concurrent reading of Git repo file content (#585)
• Update cf-git-providers to ^0.15.2 (#590)
• Return pushed commit SHA on push (#628)
• Fix eventBusName when using JetStream (#636)
• Use proxy env vars for Git operations (#646)
• Runtime application labels handling

codefresh-gitops-operator

• Fail release if app sync fails (#645)
• Stop attempting to resume a non-running workflow (#584)
• Change Git log look-back to 2 hours (#586)
• Broad error-handling improvements following 0.22.0 (#595)
• Cap curl on action node at 5 minutes; update Workflows.Resume (remove loop); make maps used in multithreaded code thread-safe; add requeue workaround for degraded rollout apps (#624)
• Update workflow submission logic & improve error handling (#65)
• Don’t requeue on known release creation failures (#655)

event-reporter

• Update cf-argocd-extras to 0.5.12 (dependency list fixes) (#616)
• Handle applications from a specific Argo CD instance (#618)

Other notable repo changes

• Add proxy env vars to COMMON_ENV_VARS
• Configurable refresh-permissions interval
• Fetch inactive applications only in app-proxy runtime
• Change ISC default app project to cf-app-project
• Add @types/jest dependency to multiple packages
• Update NestJS version

0.22.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.22.2

Chart changes

• Update gitops-oeprator to 0.8.6-832833c - optimize and batch calls to gitLog
• Update app-proxy to 1.3636.0-6119302 - fix caching of github users info, interduce new env variable to control permissions and token checks

App-proxy changes

No changes in this release